CVE-2020-29069

Name of the Vulnerable Software and Affected Versions Modern Honey Network (MHN) versions through 2020-11-23

Description The issue allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database. This happens because the code tries to uppercase a return value even if that value is not a string, specifically in the get flag ip localdb function in server/mhn/ui/utils.py.

Recommendations For versions through 2020-11-23, consider modifying the get flag ip localdb function to check the type of the return value before attempting to uppercase it, to prevent the denial-of-service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.